HiveNightmare Windows Zero-Day Vuln Allows Privilege Escalation

Business Data Breach

Expert(s): Saryu Nayyar, Doug Britton | »

A new Microsoft “HiveNightmare” vuln has surfaced in the MS KB5004605 update that added AES encryption on OS versions from Windows 10 build 1809 and newer, as confirmed by Twitter user Jonas L and @GossiTheDog.  Microsoft says in CVE-2021-36934 that the zero-day can enable users to escalate to SYSTEM privileges on windows 10 & newer systems.  A Haystack Solutions expert offers thoughts.


Saryu Nayyar

| July 23, 2021

Saryu Nayyar, CEO, Gurucul

Zero-day attacks continue to be among the most alarming for enterprise security analysts. Not only do they have to determine that an attack is occurring, but also how the attack is happening, and how to remediate it and not knowing when a fix may become available makes it even more stressful. This is why organizations have to supplement their security practices with ongoing analytics to observe and respond to anomalous user or network behaviors.


| July 23, 2021

Doug Britton, CEO, Haystack Solutions

Securing networks is akin to balancing spinning plates. System administrators rely on admin rights and privileges as a first line of security and basic defense. The HiveNightmare bug is a significant threat to a fundamental aspect of network administration and the basic system functions we all rely on. To combat this, we need to make sure we continue to invest in cyber talent. We have the tools to identify professionals who would excel as bug hunters. We need to find them and get them into the fight because this won’t be the last time network vulnerabilities like this will surface.

HiveNightmare Windows
External Link: HiveNightmare Windows Zero-Day Vuln Allows Privilege Escalation

Share this page:

Related Posts